Holistic Security

2018 marks 28 years for Condortech Services. Starting from my basement, I am really humbled by the progress we’ve made in these past few decades. The reminiscing didn’t last too long though; I really started to reflect on the industry as a whole and how I’ve seen it evolve over time. When we started in my basement, security was a one-horse kind of industry. You installed a camera, a badge reader for entry and you got a gold star. As I am forecasting my company’s future, I realize security integrators must rise to the level of 360° risk mitigators. The origin of this holistic shift stems from a smarter customer, but also from the sophisticated threats we see reported everyday by the media.

There are 8 major components every integrator (and end user) needs to understand and hopefully master. These include: Architecture, Civil Engineering, Cyber Security, Information Technology, Electronics, Government Regulations, Software, and Operating Technologies.

Architecture: When the client asks for a design-build system, the keys are in your hand. Whether it’s for a condominium complex or a military base, they want something aesthetically pleasing. There is a lot to be said about a lobby that looks beautiful, and yet is fully secured. Making sure you have capable people to draw, design and envision will put you ahead of the competition.

Civil Engineering: Along with designing the system, integrators must understand the environment of the site. We learned this lesson the hard way when we took on a northern border project for CBP in the early 2000s. We had towers to install, which normally requires 6ft of digging to anchor. The terrain and freezing conditions during the winter required us to dig 16ft instead. This is just one example, but we must put on our construction hats for the customer; otherwise they may go to the competition looking for a one stop shop.

Software: Larger contract sites usually have more than one manufacturer installed at their facility. Many programs are proprietary and therefore, weren’t necessarily created with the idea of connecting. It is our job to understand the coding and work with the manufacturers to provide the true integration the customer is looking for. Sometimes, of course, this requires a complete remove and replace.

Regulations: When HSPD-12 was first issued, Condortech quickly moved to get into compliance. Since then many other requirements have been issued from the federal government, including FIPS-202 and more recently the Buy American initiative. These are in addition to standards like IEEE, UL, and Life Safety. Any business that does not monitor the directives regularly will be left behind. In some procurement avenues, you cannot even bid if you do not comply. Fort Leonard Wood recently ripped all of their surveillance cameras out because they were Chinese made and potentially tampered with. Bad news for whoever installed those, good news for their competition.

Electronics: I see this as a major gap. We must understand the foundation of those sensors. How are you going to pass so much data through a specific hardware to authenticate for (let’s say) an access control system? Do you understand how the CAC card or PIV card are crafted?

Cyber Security: At the trade shows, this topic is the buzz word of the day. In our realm, integrators need to understand that if their piece of hardware can connect to the internet, it must be protected like you would a laptop. The customer now wants to know- what are your hardening practices? How will you protect their devices from being hacked, like the cameras in DC were? It is no longer an “IT issue”. I recommend educating yourself at a ‘hackerish’ conference like DefCon or BlackHat.

IT: IT companies and security integrators tend to partner together, unless you have an in-house department. I include this component to say, an engineer must understand how everything connects. IT guys are like the NASCAR drivers. They understand how to turn the car, make it go faster; prevent it from crashing, etc. We are the mechanics, their driving skills mean nothing if we forget to tighten the wheels properly.

Operating Technologies (OT) include PACS, CCTV, IDS and are an integrator’s bread and butter. If you’re in the industry, then you have your partners out there and manufacturers you work with. More importantly, we have to understand who we are as an entity and acknowledge that we are a complex provider. I ask myself, how do we keep evolving? My mission is to instill this holistic perspective into the culture of my company and to share with my colleagues so we can move forward together.

What components do you see emerging or missing from this list? Leave your thoughts and comments below.